-
-
Notifications
You must be signed in to change notification settings - Fork 7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix connect timeout not being enforced #9329
Conversation
The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.
This raises an exception and stops trying to connect at the first IP that timeouts, right? |
@ThibG The alternative is that it moves to the 2nd IP and then never times out (measured 120 seconds in a test before something times out somehow (on 2nd IP after first, specifically)) |
We can put a Timeout::timeout in the foreach block, but then I think we should also limit the maximum number of iterated IPs, and scale individual timeouts such that the total does not exceed 10s. |
@Gargron outch. In this case, yeah, that's probably better for now, but we ought to find a better way. |
Yeah, doing it on the full block is probably best. The downside of this PR is that it's fixing reachability to one set of broken instances while breaking reachability to another set of broken instances. I'd oppose merging this until it can be properly fixed, but, well, too late now. |
@rtucker it hasn't been merged yet. I considered opposing merging this but I think that on balance it's better to have stricter timeouts then it is to have perfect reachability, especially if it's going to be dependent on stuff like DNS order anyways. |
Ah, mis-read "approved" as "merged", apologies. It's 10am on a holiday and the coffee hasn't come out yet, heh. For smaller instances, the timeouts are less of a problem than deliverability. RedLight kicks in pretty quickly for AP endpoints and limits the overall performance impact for complete unreachability pretty well, but whenever OVH or Scaleway half-break for a few hours, not falling back to legacy IP is a problem. |
|
@@ -94,7 +94,7 @@ def key_id | |||
end | |||
|
|||
def timeout | |||
{ connect: 10, read: 10, write: 10 } | |||
{ connect: nil, read: 10, write: 10 } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Timeout.timeout(nil)
yields the block immediately, without spawning any threads
app/lib/request.rb
Outdated
return super(host, *args) if thru_hidden_service?(host) | ||
|
||
outer_e = nil | ||
addresses = Addrinfo.getaddrinfo(host, nil, nil, :SOCK_STREAM).take(2) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why 2: AAAA, A is the most common use case. Spawning threads is not cheap, Timeout.timeout
spawns threads, so we don't want to spawn more than 2 (one more than before)
I've had coffee now, and yeah, this seems reasonable. :) |
Hey y'all, I noticed that this change is causing a change in address family preference, I noticed mastodon.social switching over to IPv4 for outbound federation as opposed to using IPv6 preferred if available. 148.251.134.157 - - [22/Nov/2018:22:57:32 +0000] "POST /inbox HTTP/1.1" 202 36 "-" "http.rb/3.3.0 (Mastodon/2.6.1; +https://mastodon.social/)" That seems to be a regression, is this some sort of default behaviour in Resolv::DNS, if so can we change this behaviour? |
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
@Gargron, any chance I can be credited in the release notes for reporting this issue? |
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
@Gargron @akihikodaki, the release(s) where these issues are resolved should probably be tagged as security fixes. |
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
* Use backend from glitch-soc for instance-only toots * Base frontend on privacy dropdown * Add local_only indicator in the status action bar * Add local_only indicator to detailed status * Add backend support for local_only on status create Based off ThibG implementation on glitch #502 * Normalize translations ran yarn build:development && i18n-tasks normalize && yarn manage:translations && i18n-tasks remove-unused * Add local_only to admin screens * Hide local statuses from user atom and from unlogged users * Add local only icon to status page * Fix issue with toggle in mobile * Add default federation option to settings * Fix wrong configuration fetched * Change setting wording * Check for empty "last_status" before sorting DM column (mastodon#9207) * Check for empty "last_status" before sorting * Small touchups for codeclimate * Update resolve_url_service.rb (mastodon#9188) * Increase default column width from 330px to 350px (mastodon#9227) * Optimize the process of following someone (mastodon#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix mastodon#6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService * Fix follow limit validator reporting lower number past threshold (mastodon#9230) * Fix follow limit validator reporting lower number past threshold * Avoid floating point follow limit * Fix form validation flash message color and input borders (mastodon#9235) * Fix form validation flash message color and input borders * Fix typo * Display amount of freed disk space in tootctl media remove (mastodon#9229) * Display amount of freed disk space in tootctl media remove Fix mastodon#9213 * Fix code style issue * Add "Show thread" link to self-replies (mastodon#9228) Fix mastodon#4716 * Fix nil error regression from mastodon#9229 in tootctl media remove (mastodon#9239) Fix mastodon#9237 * Improve ActiveRecord connection in on_worker_boot (mastodon#9238) This is how it looks in the example in the Puma README * Check that twitter:player is valid before using it (mastodon#9254) Fixes mastodon#9251 * Fix emoji update date processing (mastodon#9255) * Perform deep comparison for card data when receiving new props (mastodon#9270) Fixes mastodon#9226 * Fix null error introduced in mastodon#9270 (mastodon#9275) * Fix race condition causing shallow status with only a "favourited" attribute (mastodon#9272) Fixes mastodon#9231 * Fix "tootctl media remove" can't count the file size (mastodon#9288) * Fixed an issue where "tootctl media remove" can not count the file size. * Fixed the problem pointed out by codeclimate. * Remove intermediary arrays when creating hash maps from results (mastodon#9291) * Prevent multiple handlers for Delete of Actor from running (mastodon#9292) * Fix filter ID not being a string in REST API (mastodon#9303) * Update Nginx config for Nanobox apps (mastodon#9310) The Nanobox files have gotten out of sync, a touch, with what Masto needs for Nginx settings. This PR updates them accordingly. * WebSub: ATOM before RSS (mastodon#9302) Hello, The ATOM feed contains the hub declaration for WebSub, but the RSS version does not. RSS/ATOM readers will typically pick whichever version comes first, and will thus not see the WebSub feature. I therefore suggest putting the ATOM version first, as it is more feature-rich than its RSS counterpart is. Clients not compatible with ATOM would not pick it anyway due to the different type attribute. A more complicated alternative would be to declare the WebSub feature in the RSS version as well, using something like the following code, and ensuring that clients subscribed to the RSS version would receive PuSH updates just like those subscribed to the ATOM version. ````xml <rss version="2.0" xmlns:webfeeds="http://webfeeds.org/rss/1.0" xmlns:atom="http://www.w3.org/2005/Atom"> <channel> <atom:link rel="self" type="application/rss+xml" href="https://diaspodon.fr/users/test.rss"/> <atom:link rel="hub" href="https://diaspodon.fr/api/push"/> </channel> </rss> ``` * Touch account on successful response, change char shown when culled (mastodon#9293) Just the color is not enough change since not everyone uses colored terminals. Touching the account makes it so that the account is not in the threshold window in case of running again * Ignore JSON-LD profile in mime type comparison (mastodon#9179) Ignore JSON-LD profile in mime type comparison * Fix connect timeout not being enforced (mastodon#9329) * Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec * Bump version to 2.6.2 * add loglevel to ffmpeg in gif upload (mastodon#9368) * Allow hyphens in the middle of remote user names (mastodon#9345) Fixes mastodon#9309 This only allows hyphens in the middle of a username, much like dots, although I don't have a compelling reason to do so other than keeping the changes minimal. * Fix nil error when no DNS addresses are found for host (mastodon#9379) * Don't count suspended users in user count (mastodon#9380) Fix mastodon#7637 * Skip deliveries to inboxes that have already been marked as unavailable (mastodon#9358) * Fix TLS handshake timeout not being enforced (mastodon#9381) Follow-up to mastodon#9329 * Bump version to 2.6.3 * Remove npm-run-all dependency (mastodon#9401) Fix mastodon#9359 * Bump version to 2.6.4 * Preload common JSON-LD contexts (mastodon#9412) Fixes mastodon#9411 * Include replies to list owner and replies to list members in list statuses (mastodon#9324) * Bump version to 2.6.5 * Only stream local-only toots to logged-in users * Normalize translations * Bumps copyright year in README.md to 2019 (mastodon#9939) This is so incredibly small, but assuming this is a needed change. Might want to check year in other files. * Fix link color in high-contrast theme, add underlines (mastodon#9949) Improve sorting of default themes in the dropdown * Replace unlock-alt icon with unlock (mastodon#9952) * Allow most kinds of characters in URL query (fixes mastodon#8408) (mastodon#8447) * Allow unicode characters in URL query strings Fixes mastodon#8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem. * Fix authorized applications list page design (mastodon#9969) * Fix not showing custom emojis in share page emoji picker (mastodon#9970) * [UI] Fix whitespace being applied to div instead of p (mastodon#9968) * fix large line breaks * fix ascii art posts * Hide misleading “You will be sent a confirmation e-mail” hint from admin view (mastodon#9973) Thanks @wryk for noticing this issue. * Fix Tombstone.delete_all ArgumentError (mastodon#9978) * Only URLs extract with pre-escaped text (mastodon#9991) * [test] add japanese hashtag testcase * Only URLs extract with pre-escaped text ( mastodon#9989 ) * Fix URL linkifier grabbing full-width spaces and quotations (mastodon#9997) Fix mastodon#9993 Fix mastodon#5654 * Fix IntersectionObserverArticle not hiding some out-of-view items (mastodon#9982) IntersectionObserverArticle is made to save on RAM by avoiding fully rendering items that are far out of view. However, it did not work for items spawned outside the intersection observer. * Fix timeline jumps (mastodon#10001) * Avoid two-step rendering of statuses as much as possible Cache width shared by Video player, MediaGallery and Cards at the ScrollableList level, pass it down through StatusList and Notifications. * Adjust scroll when new preview cards appear * Adjust scroll when statuses above the current scroll position are deleted * Don't focus spiler input when disabled spoiler (mastodon#10017) * Move sending account Delete to anyone but the account's followers to the pull̀ queue (mastodon#10016) * Add support for IPv6 only MXes in Email validation (mastodon#10009) * Add support for IPv6 only MXes * Fixed email validator tests * Save IP address used for sign-up, not only sign-in (mastodon#10026) Fixes mastodon#9995 * Fix color of static page links in high contrast theme (mastodon#10028) * Fix hashtags select styling in default and high contrast themes (mastodon#10029) * Fix style regressions on landing page (mastodon#10030) * Add tight rate-limit for API deletions (mastodon#10042) Deletions take a lot of resources to execute and cause a lot of federation traffic, so it makes sense to decrease the number someone can queue up through the API. 30 per 30 minutes * Fix hashtag column not subscribing to stream on mount (mastodon#10040) Fix mastodon#9895 * Create Redisable#redis (mastodon#9633) * Create Redisable * Use #redis instead of Redis.current * Alternative handling of private self-boosts (mastodon#9998) * When self-boosting, embed original toot into Announce serialization * Process unknown self-boosts from Announce object if it is more than an URI * Add some self-boost specs * Only serialize private toots in self-Announces * Filter incoming Create activities by relation to local activity (mastodon#10005) Reject those from accounts with no local followers, from relays that are not enabled, which do not address local accounts and are not replies to accounts that do have local followers * Filter incoming Announce activities by relation to local activity (mastodon#10041) * Filter incoming Announce activities by relation to local activity Reject if announcer is not followed by local accounts, and is not from an enabled relay, and the object is not a local status Follow-up to mastodon#10005 * Fix tests * Add logging for rejected ActivityPub payloads and add tests (mastodon#10062) * Fix Announce activities of unknown statuses not fetching those statuses (mastodon#10065) Regression from mastodon#9998 * Fix relay enabling/disabling not resetting inbox availability status (mastodon#10048) Fix mastodon#10033 * Change robots.txt to exclude some URLs (mastodon#10037) - Exclude static assets - Exclude uploaded files - Exclude alternate versions of the profile page - Exclude media proxy URLs * Change robots.txt to exclude only media proxy URLs (mastodon#10038) * Revert "Change robots.txt to exclude some URLs (mastodon#10037)" This reverts commit 80161f4. * Let's block media_proxy /media_proxy/ is a dynamic route used for requesting uncached media, so it's probably bad to let crawlers use it * misleading comment * Improve image description user experience (mastodon#10036) * Add image descriptions to searchable post content. * Allow multi-line image descriptions. * Request image descriptions in the same query as posts when creating the search index. (see mastodon#10036 (comment)) * perf: run node directly when streaming (mastodon#10032) * Fix breaks when opening a reply tree in WebUI (mastodon#10046) fix mastodon#10045 * Change conversations to always show names of other participants (mastodon#10047) Fix mastodon#9190 * Change buttons on timeline preview to open the interaction dialog (mastodon#10054) Fix mastodon#9922 * Change error graphic to hover-to-play (mastodon#10055) Fix mastodon#6060 * Add registrations attribute to instance entity in REST API (mastodon#10060) Fix mastodon#9350 * Add vapid_key to the application entity in the REST API (mastodon#10058) Fix mastodon#8785 * Fix mutes, blocks, domain blocks and follow requests not paginating (mastodon#10057) Regression from mastodon#9581 * Fix crash on public hashtag pages when streaming fails (mastodon#10061) * Bump version to 2.7.2 * Do not leak local-only toots to remote mentioned users * Update .gitignore * Update Beach City version to 1.4
This issue (and #9381) have been assigned CVE-2018-21018, which was resolved with Mastodon release v2.6.3. |
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
* Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
* Use backend from glitch-soc for instance-only toots * Base frontend on privacy dropdown * Add backend support for local_only on status create Based off ThibG implementation on glitch #502 * Add local_only indicator in the status action bar * Add local_only indicator to detailed status * Normalize translations ran yarn build:development && i18n-tasks normalize && yarn manage:translations && i18n-tasks remove-unused * Add local_only to admin screens * Hide local statuses from user atom and from unlogged users * Add local only icon to status page * Fix issue with toggle in mobile * Add default federation option to settings * Fix wrong configuration fetched * Change setting wording * Check for empty "last_status" before sorting DM column (mastodon#9207) * Check for empty "last_status" before sorting * Small touchups for codeclimate * Update resolve_url_service.rb (mastodon#9188) * Increase default column width from 330px to 350px (mastodon#9227) * Optimize the process of following someone (mastodon#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix mastodon#6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService * Fix follow limit validator reporting lower number past threshold (mastodon#9230) * Fix follow limit validator reporting lower number past threshold * Avoid floating point follow limit * Fix form validation flash message color and input borders (mastodon#9235) * Fix form validation flash message color and input borders * Fix typo * Display amount of freed disk space in tootctl media remove (mastodon#9229) * Display amount of freed disk space in tootctl media remove Fix mastodon#9213 * Fix code style issue * Add "Show thread" link to self-replies (mastodon#9228) Fix mastodon#4716 * Fix nil error regression from mastodon#9229 in tootctl media remove (mastodon#9239) Fix mastodon#9237 * Improve ActiveRecord connection in on_worker_boot (mastodon#9238) This is how it looks in the example in the Puma README * Check that twitter:player is valid before using it (mastodon#9254) Fixes mastodon#9251 * Fix emoji update date processing (mastodon#9255) * Perform deep comparison for card data when receiving new props (mastodon#9270) Fixes mastodon#9226 * Fix null error introduced in mastodon#9270 (mastodon#9275) * Fix race condition causing shallow status with only a "favourited" attribute (mastodon#9272) Fixes mastodon#9231 * Fix "tootctl media remove" can't count the file size (mastodon#9288) * Fixed an issue where "tootctl media remove" can not count the file size. * Fixed the problem pointed out by codeclimate. * Remove intermediary arrays when creating hash maps from results (mastodon#9291) * Prevent multiple handlers for Delete of Actor from running (mastodon#9292) * Fix filter ID not being a string in REST API (mastodon#9303) * Update Nginx config for Nanobox apps (mastodon#9310) The Nanobox files have gotten out of sync, a touch, with what Masto needs for Nginx settings. This PR updates them accordingly. * WebSub: ATOM before RSS (mastodon#9302) Hello, The ATOM feed contains the hub declaration for WebSub, but the RSS version does not. RSS/ATOM readers will typically pick whichever version comes first, and will thus not see the WebSub feature. I therefore suggest putting the ATOM version first, as it is more feature-rich than its RSS counterpart is. Clients not compatible with ATOM would not pick it anyway due to the different type attribute. A more complicated alternative would be to declare the WebSub feature in the RSS version as well, using something like the following code, and ensuring that clients subscribed to the RSS version would receive PuSH updates just like those subscribed to the ATOM version. ````xml <rss version="2.0" xmlns:webfeeds="http://webfeeds.org/rss/1.0" xmlns:atom="http://www.w3.org/2005/Atom"> <channel> <atom:link rel="self" type="application/rss+xml" href="https://diaspodon.fr/users/test.rss"/> <atom:link rel="hub" href="https://diaspodon.fr/api/push"/> </channel> </rss> ``` * Touch account on successful response, change char shown when culled (mastodon#9293) Just the color is not enough change since not everyone uses colored terminals. Touching the account makes it so that the account is not in the threshold window in case of running again * Ignore JSON-LD profile in mime type comparison (mastodon#9179) Ignore JSON-LD profile in mime type comparison * Fix connect timeout not being enforced (mastodon#9329) * Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec * Bump version to 2.6.2 * add loglevel to ffmpeg in gif upload (mastodon#9368) * Allow hyphens in the middle of remote user names (mastodon#9345) Fixes mastodon#9309 This only allows hyphens in the middle of a username, much like dots, although I don't have a compelling reason to do so other than keeping the changes minimal. * Fix nil error when no DNS addresses are found for host (mastodon#9379) * Don't count suspended users in user count (mastodon#9380) Fix mastodon#7637 * Skip deliveries to inboxes that have already been marked as unavailable (mastodon#9358) * Fix TLS handshake timeout not being enforced (mastodon#9381) Follow-up to mastodon#9329 * Bump version to 2.6.3 * Remove npm-run-all dependency (mastodon#9401) Fix mastodon#9359 * Bump version to 2.6.4 * Preload common JSON-LD contexts (mastodon#9412) Fixes mastodon#9411 * Include replies to list owner and replies to list members in list statuses (mastodon#9324) * Bump version to 2.6.5 * Only stream local-only toots to logged-in users * Normalize translations * Bumps copyright year in README.md to 2019 (mastodon#9939) This is so incredibly small, but assuming this is a needed change. Might want to check year in other files. * Fix link color in high-contrast theme, add underlines (mastodon#9949) Improve sorting of default themes in the dropdown * Replace unlock-alt icon with unlock (mastodon#9952) * Allow most kinds of characters in URL query (fixes mastodon#8408) (mastodon#8447) * Allow unicode characters in URL query strings Fixes mastodon#8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem. * Fix authorized applications list page design (mastodon#9969) * Fix not showing custom emojis in share page emoji picker (mastodon#9970) * [UI] Fix whitespace being applied to div instead of p (mastodon#9968) * fix large line breaks * fix ascii art posts * Hide misleading “You will be sent a confirmation e-mail” hint from admin view (mastodon#9973) Thanks @wryk for noticing this issue. * Fix Tombstone.delete_all ArgumentError (mastodon#9978) * Only URLs extract with pre-escaped text (mastodon#9991) * [test] add japanese hashtag testcase * Only URLs extract with pre-escaped text ( mastodon#9989 ) * Fix URL linkifier grabbing full-width spaces and quotations (mastodon#9997) Fix mastodon#9993 Fix mastodon#5654 * Fix IntersectionObserverArticle not hiding some out-of-view items (mastodon#9982) IntersectionObserverArticle is made to save on RAM by avoiding fully rendering items that are far out of view. However, it did not work for items spawned outside the intersection observer. * Fix timeline jumps (mastodon#10001) * Avoid two-step rendering of statuses as much as possible Cache width shared by Video player, MediaGallery and Cards at the ScrollableList level, pass it down through StatusList and Notifications. * Adjust scroll when new preview cards appear * Adjust scroll when statuses above the current scroll position are deleted * Don't focus spiler input when disabled spoiler (mastodon#10017) * Move sending account Delete to anyone but the account's followers to the pull̀ queue (mastodon#10016) * Add support for IPv6 only MXes in Email validation (mastodon#10009) * Add support for IPv6 only MXes * Fixed email validator tests * Save IP address used for sign-up, not only sign-in (mastodon#10026) Fixes mastodon#9995 * Fix color of static page links in high contrast theme (mastodon#10028) * Fix hashtags select styling in default and high contrast themes (mastodon#10029) * Fix style regressions on landing page (mastodon#10030) * Add tight rate-limit for API deletions (mastodon#10042) Deletions take a lot of resources to execute and cause a lot of federation traffic, so it makes sense to decrease the number someone can queue up through the API. 30 per 30 minutes * Fix hashtag column not subscribing to stream on mount (mastodon#10040) Fix mastodon#9895 * Create Redisable#redis (mastodon#9633) * Create Redisable * Use #redis instead of Redis.current * Alternative handling of private self-boosts (mastodon#9998) * When self-boosting, embed original toot into Announce serialization * Process unknown self-boosts from Announce object if it is more than an URI * Add some self-boost specs * Only serialize private toots in self-Announces * Filter incoming Create activities by relation to local activity (mastodon#10005) Reject those from accounts with no local followers, from relays that are not enabled, which do not address local accounts and are not replies to accounts that do have local followers * Filter incoming Announce activities by relation to local activity (mastodon#10041) * Filter incoming Announce activities by relation to local activity Reject if announcer is not followed by local accounts, and is not from an enabled relay, and the object is not a local status Follow-up to mastodon#10005 * Fix tests * Add logging for rejected ActivityPub payloads and add tests (mastodon#10062) * Fix Announce activities of unknown statuses not fetching those statuses (mastodon#10065) Regression from mastodon#9998 * Fix relay enabling/disabling not resetting inbox availability status (mastodon#10048) Fix mastodon#10033 * Change robots.txt to exclude some URLs (mastodon#10037) - Exclude static assets - Exclude uploaded files - Exclude alternate versions of the profile page - Exclude media proxy URLs * Change robots.txt to exclude only media proxy URLs (mastodon#10038) * Revert "Change robots.txt to exclude some URLs (mastodon#10037)" This reverts commit 80161f4. * Let's block media_proxy /media_proxy/ is a dynamic route used for requesting uncached media, so it's probably bad to let crawlers use it * misleading comment * Improve image description user experience (mastodon#10036) * Add image descriptions to searchable post content. * Allow multi-line image descriptions. * Request image descriptions in the same query as posts when creating the search index. (see mastodon#10036 (comment)) * perf: run node directly when streaming (mastodon#10032) * Fix breaks when opening a reply tree in WebUI (mastodon#10046) fix mastodon#10045 * Change conversations to always show names of other participants (mastodon#10047) Fix mastodon#9190 * Change buttons on timeline preview to open the interaction dialog (mastodon#10054) Fix mastodon#9922 * Change error graphic to hover-to-play (mastodon#10055) Fix mastodon#6060 * Add registrations attribute to instance entity in REST API (mastodon#10060) Fix mastodon#9350 * Add vapid_key to the application entity in the REST API (mastodon#10058) Fix mastodon#8785 * Fix mutes, blocks, domain blocks and follow requests not paginating (mastodon#10057) Regression from mastodon#9581 * Fix crash on public hashtag pages when streaming fails (mastodon#10061) * Bump version to 2.7.2 * Do not leak local-only toots to remote mentioned users * Add description on hover in media gallery (mastodon#10713) * Fix some colors of high contrast theme (mastodon#10711) * Fix "nothing here" text color of high contrast * Fix counter border color of high contrast * Bring back crossed eye icon on gallery (mastodon#10715) * Improve poll link accessibility (mastodon#10720) * Add distinction between hover and active/focus states * Resolves mastodon#10198 * Change icon and label depending on whether media is marked as sensitive (mastodon#10748) * Change icon and label depending on whether media is marked as sensitive * WiP use a checkbox * Fix some colors in light theme (mastodon#10754) * Fix typo in light theme * Fix background color of empty column * Adds click-able div that expands status (mastodon#10733) (mastodon#10766) The clickable div is positioned under the account avatar and covers all empty space below it to the end of the status. * Minor performance improvements and cleanup in formatter (mastodon#10765) * Prevent from publicly boosting one's own private toots (mastodon#10775) * add og:image:alt for media attachments in embeds (mastodon#10779) * Add post-deployment migration script to delete public-boosts-of-private-toots (mastodon#10783) * fix `isSubmitting` prop case (mastodon#10785) * Fix “invited by” not showing up for invited accounts in admin interface (mastodon#10791) * Bump version to 2.8.3 * Retry ActivityPub inbox delivery on HTTP 401 and 408 errors (mastodon#10812) HTTP 401 responses returned by Mastodon's inbox controller may be temporary if, for instance, the requesting user's actor/key json could not be retrieved in a timely fashion. This changes allow retries instead of dropping the message entirely. Also added HTTP 408 as that error is by nature temporary. * Move signature verification stoplight to the requests themselves (mastodon#10813) * Move signature verification stoplight to the requests themselves This avoids blocking messages from known keys for 5 minutes when only one fails… * Put the stoplight on the actual client IP, not a potential reverse proxy * Fix possible race condition when processing statuses (mastodon#10815) * Improve streaming server security (mastodon#10818) * Check OAuth token scopes in the streaming API * Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token Inspired by kubevirt/kubevirt#1242 * Bump version to 2.8.4 * Fix merge issues * Fix account URI in UpdatePollSerializer (mastodon#11194) * Fix account URI in UpdatePollSerializer Fixes mastodon#11185 * Add specs * Fix swiping columns on mobile sometimes failing (mastodon#11200) Fixes mastodon#9779 * Fix option to send e-mail notification about account action always being true (mastodon#11242) * Fix BackupService crashing when an attachment is missing (mastodon#11241) * Fix BackupService crashing when an attachment is missing For various reasons such as admin error or out-of-sync media and database backups, it might be possible for local attachments to be lost. This commit allows the BackupService to continue its work even if some media file is missing. * Change error message * Fix Status.remote scope matching *all* statuses (mastodon#11265) * Fix BlockService trying to reject incorrect follow request (mastodon#11288) Fixes mastodon#11148 * Fix invites not being disabled upon account suspension (mastodon#11412) * Disable invite links from disabled/suspended users * Add has_many invites relationship to users * Destroy unused invites when suspending an account * Update fuubar dependency to 2.4.1 (mastodon#11248) See also: thekompanee/fuubar#111 * Fix support for MP4 files that are actually M4V files (mastodon#11210) Resolve mastodon#11187 * Fix expiration date of filters being set to “Never” when editing them (mastodon#11204) When editing a custom filter, select the shortest preset duration that still covers the remaining time of that filter. Fixes mastodon#9506 * Fix statsd UDP sockets not being cleaned up in Sidekiq (mastodon#11230) * Remove unused StatsD code and expose StatsD as a global variable (mastodon#11232) The instrumentation code was used for StatsD metrics collection prior to the switch to the nsa gem and should have been removed at that point as it no longer does anything at all * Fix some flash notices/alerts staying on unrelated pages (mastodon#11364) * Fix `alerts` booleans not being typecast correctly in push subscription (mastodon#11343) * Fix `alerts` booleans not being typecast correctly in push subscription Fix mastodon#10789 * Fix typo * Optimize makeGetStatus (mastodon#11211) * Optimize makeGetStatus Because `ImmutableList.filter` always returns a new object and `createSelector` memoizes based on object identity, the selector returned by `makeGetStatus` would *always* execute. To avoid that, we wrap `getFilters` into a new memoizer that memoizes based on deep equality, thus returning the same object as long as the filters haven't changed, allowing the memoization of `makeGetStatus` to work. Furthermore, we memoize the compiled regexs instead of recomputing them each time the selector is called. * Fix memoized result being cleared too often * Make notifications use memoized getFiltersRegex * Memoize ancestorIds and descendantIds in detailed status view (mastodon#11234) * Fix boosting & unboosting preventing a boost from appearing in the TL (mastodon#11405) * Fix boosting & unboosting preventing a boost from appearing in the TL * Add tests * Avoids side effects when aggregate_reblogs isn't true * Fix delete regression (mastodon#11450) Regression from ff789a7 * Apply filters to poll options (mastodon#11174) * Apply filters to poll options in WebUI Fixes mastodon#11128 * Apply filters to poll options server-side * Add poll options to searchable text * Fix unnecessary SQL query performed on unauthenticated requests (mastodon#11179) * Add message telling FTS is disabled when no toot can be found because of this (mastodon#11112) * Add message telling FTS is disabled when no toot can be found because of this Fixes mastodon#11082 * Remove info icon and reword message * Display FTS warning based on actual search term, not the one being typed (mastodon#11202) Follow-up to mastodon#11112 * Scroll to compose form rather than reply indicator on focus (mastodon#11182) * When sending a toot, ensure a CW is only set if the CW field is visible (mastodon#11206) In some occasions, such as the browser or a browser extension auto-filling the existing but disabled/hidden CW field, a CW can be set without the user knowing. * When deleting & redrafting a poll, fill in closest expires_in (mastodon#11203) Use the smallest preset expires_in such that the new poll would not expire before the old one. In the typical case of a quick delete & redraft, this results in using the same poll duration. Fixes mastodon#10567 * Only scroll to the compose form if it's not horizontally in the viewport (mastodon#11246) Avoids jumping the scroll around vertically when giving it focus and editing long toots. * Display custom emoji in bio field names (mastodon#11350) Already displayed in public pages, but not WebUI * Play animated custom emoji on hover (mastodon#11348) * Play animated custom emoji on hover in status * Play animated custom emoji on hover in display names * Play animated custom emoji on hover in bios/bio fields * Add support for animation on hover on public pages emojis too * Fix tests * Code style cleanup * Fix animate on hover in poll options without CW (mastodon#11404) * Change domain block behaviour to prevent creation of accounts from suspended domains (mastodon#11219) * Change ActivityPub::DeliveryWorker to not retry HTTP 501 errors (mastodon#11233) * Change the retry limit in error of web push notification (mastodon#11292) - Change the maximum count of retry for web push notification (Default -> 5). - In case of high load of subscribe server, the retries will be repeated many times. - Because the retries occupy the default queue, maximum retry count should be reduced. * Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (mastodon#11302) * Make puma bind address configurable with BIND env var (mastodon#11326) * Change terms and privacy policy pages to always be accessible (mastodon#11334) Fix mastodon#11328 * Change language detection to include hashtags as words (mastodon#11341) * Fix only one middle dot being recognized in hashtags (mastodon#11345) Fix mastodon#10934 * Change Dockerfile to bind to 0.0.0.0 instead of docker-compose.yml (mastodon#11351) * Fix sanitizing lists contents (mastodon#11354) * Add test * Fix code for sanitizing nested lists stripping all tags * Fix avatar animation on hover when not logged in (mastodon#11349) * Added logout to dropdown menu (mastodon#11353) * Added logout to dropdown menu * Triggering build-and-test with empty commit as it seems it failed due to some internal failure * Looks fine, ready to review * Added changes from review * method can be null without any problems * Also target can be null * Disallow numeric-only hashtags (mastodon#11363) * Add spec covering numeric-only hashtags * Fix hashtag regex * Change locale detection to run once per session (mastodon#8657) Fix mastodon#6462 * Bind servers to 0.0.0.0 in Procfile (mastodon#11378) * Bind to 0.0.0.0 * Make Procfile common to main and streaming apps * Change account domain block to clear out notifications and follows (mastodon#11393) * Remove pre from version, add extra suffix variable (mastodon#11407) * Remove timestamps from converted images to make them deterministic (mastodon#11408) * Prevent archiving when user set "noindex" (mastodon#11421) * Disable list title validation button when list title is empty (mastodon#11475) * Fix timestamp on featured tag (mastodon#11477) It resolves mastodon#11338 * Trap tab in modals (mastodon#11493) * Fix privacy dropdown active state when dropdown is placed on top of it (mastodon#11495) * Improve dropdown menu keyboard navigation (mastodon#11491) * Allow selecting menu items with the space bar in status dropdown menus * Fix modals opened by keyboard navigation being immediately closed * Fix menu items triggering modal actions * Add Tab trapping inside dropdown menu * Give focus back to last focused element when status dropdown menu closes * Improve keyboard navigation in privacy dropdown (mastodon#11492) * Trap tab in privacy dropdown * Give focus back to last focused element when privacy dropdown menu closes * Actually give back focus to the element that had it before clicking the dropdown * Fix image uploads being perfectly white when canvas read access is blocked (mastodon#11499) Fixes mastodon#11496 * Improve focus handling with dropdown menus (mastodon#11511) - Focus first item when activated via keyboard - When the dropdown menu closes, give back the focus to the actual element which was focused prior to opening the menu * Fix "cancel follow request" button having unreadable text in web UI (mastodon#11521) Fix mastodon#11478 * Add GIF and WebP support for custom emojis (mastodon#11519) Fix mastodon#11466 * Fix pinned statuses API returning pagination headers (mastodon#11526) Fix mastodon#10227 * Fix crash when saving invalid domain name (mastodon#11528) Fix mastodon#7629 * Fix “read more” button behing hidden (regression from mastodon#11404) (mastodon#11522) * Fix “read more” button behing hidden (regression from mastodon#11404) This has the side-effect of putting the “Read more” button below possibly trunctated polls instead of putting the poll below the “Read more” * Remove dead code * Bump version to 2.9.3 Co-authored-by: Renato "Lond" Cerqueira <renato@lond.com.br> Co-authored-by: Steven Tappert <admin@dark-it.net> Co-authored-by: m.b <mbajur@users.noreply.github.com> Co-authored-by: Eugen Rochko <eugen@zeonfederated.com> Co-authored-by: ThibG <thib@sitedethib.com> Co-authored-by: mayaeh <mayaeh@marimo-net.org> Co-authored-by: Dan Hunsaker <danhunsaker@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Co-authored-by: valerauko <vale@valerauko.net> Co-authored-by: Hugo Gameiro <hmgameiro@gmail.com> Co-authored-by: Sam Schlinkert <sschlinkert@gmail.com> Co-authored-by: Clar Charr <clar@charr.xyz> Co-authored-by: Jakub Mendyk <jakubmendyk.szkola@gmail.com> Co-authored-by: rinsuki <428rinsuki+git@gmail.com> Co-authored-by: trwnh <a@trwnh.com> Co-authored-by: abcang <abcang1015@gmail.com> Co-authored-by: Hinaloe <hina@hinaloe.net> Co-authored-by: Franck Zoccolo <franck@zoccolo.com> Co-authored-by: ysksn <bluewhale1982@gmail.com> Co-authored-by: nightpool <nightpool@users.noreply.github.com> Co-authored-by: Ben Lubar <ben.lubar+github@gmail.com> Co-authored-by: Nolan Lawson <nolan@nolanlawson.com> Co-authored-by: nzws <git-yuzu@svk.jp> Co-authored-by: Jeong Arm <kjwonmail@gmail.com> Co-authored-by: Maciek Baron <thebezet@gmail.com> Co-authored-by: nzws <git@nzws.me> Co-authored-by: Neil Moore <dar13.dev@gmail.com> Co-authored-by: Ben Lubar <ben.lubar@gmail.com> Co-authored-by: Georg Gadinger <nilsding@nilsding.org> Co-authored-by: han@highemelry <high.emerly.ytfin@gmail.com> Co-authored-by: Daigo 3 Dango <zunda@users.noreply.github.com> Co-authored-by: koyu <me@koyu.space> Co-authored-by: Clar Fon <them@lightdark.xyz>
…tance_only_statuses) commit d56074116f8d884d7fc52384fa7980fa3aa62492 Merge: 6ba8af0a74 1c8c318281 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Thu Feb 3 14:04:08 2022 +0100 Merge tag 'v3.4.5' into instance_only_statuses commit 6ba8af0a74560798bc6fd65dc7f7777651fa942c Merge: 8ef1767c07 fd868f8ca0 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Dec 28 12:51:24 2021 +0100 Merge tag 'v3.4.4' into instance_only_statuses commit 8ef1767c0707a93a4d6730875f514943a9233155 Merge: b43c50afa8 4c7efdba40 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue May 25 19:36:32 2021 +0200 Merge tag 'v3.4.0' into instance_only_statuses commit b43c50afa85e844c47e8e5f46de55b56dba2b96b Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sun Dec 27 12:04:11 2020 +0100 Fix old merges code commit 1f47e8f1bf4a67148a4001258827a6803628a6aa Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sun Dec 27 11:38:47 2020 +0100 Fix for new listener detection commit cb085b4c44acc3d57532bfd8edb687c4893e1a8f Merge: 92c4d909a0 633d175146 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sun Dec 27 11:00:43 2020 +0100 Merge tag 'v3.3.0' into instance_only_statuses commit 92c4d909a04202cad3f875ba512884f1f4b4baaf Merge: 8126ac030e a583e54023 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Thu Nov 19 22:47:16 2020 +0100 Merge tag 'v3.2.1' into instance_only_statuses commit a583e540232fe7f3c0902dec0ba97252eb4357cc Author: Eugen Rochko <eugen@zeonfederated.com> Date: Mon Oct 19 15:58:53 2020 +0200 Bump version to 3.2.1 commit 4ea7193f0a65a28886b954e99733cc42e6b9f572 Author: ThibG <thib@sitedethib.com> Date: Mon Aug 24 18:21:07 2020 +0200 Add support for latest HTTP Signatures spec draft (#14556) * Add support for latest HTTP Signatures spec draft https://www.ietf.org/id/draft-ietf-httpbis-message-signatures-00.html - add support for the “hs2019” signature algorithm (assumed to be equivalent to RSA-SHA256, since we do not have a mechanism to specify the algorithm within the key metadata yet) - add support for (created) and (expires) pseudo-headers and related signature parameters, when using the hs2019 signature algorithm - adjust default “headers” parameter while being backwards-compatible with previous implementation - change the acceptable time window logic from 12 hours surrounding the “date” header to accepting signatures created up to 1 hour in the future and expiring up to 1 hour in the past (but only allowing expiration dates up to 12 hours after the creation date) This doesn't conform with the current draft, as it doesn't permit accounting for clock skew. This, however, should be addressed in a next version of the draft: https://github.com/httpwg/http-extensions/pull/1235 * Add additional signature requirements * Rewrite signature params parsing using Parslet * Make apparent which signature algorithm Mastodon on verification failure Mastodon uses RSASSA-PKCS1-v1_5, which is not recommended for new applications, and new implementers may thus unknowingly use RSASSA-PSS. * Add workaround for PeerTube's invalid signature header The previous parser allowed incorrect Signature headers, such as those produced by old versions of the `http-signature` node.js package, and seemingly used by PeerTube. This commit adds a workaround for that. * Fix `signature_key_id` raising an exception Previously, parsing failures would result in `signature_key_id` being nil, but the parser changes made that result in an exception. This commit changes the `signature_key_id` method to return `nil` in case of parsing failures. * Move extra HTTP signature helper methods to private methods * Relax (request-target) requirement to (request-target) || digest This lets requests from Plume work without lowering security significantly. commit aa98655cf61e732fb3cfe7626347b79189f61b77 Author: ThibG <thib@sitedethib.com> Date: Mon Aug 24 16:56:21 2020 +0200 Fix dereferencing remote statuses not using the correct account (#14656) Follow-up to #14359 In the case of limited toots, the receiver may not be explicitly part of the audience. If a specific user's inbox URI was specified, it makes sense to dereference the toot from the corresponding user, instead of trying to find someone in the explicit audience. commit dd3a86eb04d7445e32df44b66ec34332b78b7902 Author: Tdxdxoz <tdxdxoz@gmail.com> Date: Mon Aug 24 20:13:44 2020 +0800 Fix: also use custom private boost icon for detailed status (#14471) * use custom private boost icon for detail status * only use className commit aea0161e83ba0d154a3b3824e4d14d31773486b0 Author: ThibG <thib@sitedethib.com> Date: Mon Aug 24 14:11:47 2020 +0200 Add support for inlined objects in activity audience (#14514) * Add support for inlined objects in activity audience * Add tests commit 8b448aecef9495353a1cd18d9e5d95b576cdede2 Author: ThibG <thib@sitedethib.com> Date: Mon Aug 10 01:51:06 2020 +0200 Fix `tootctl media` commands not handling snowflake ids for media_attachments (#14536) commit 6db143e424b7566519153e6a0c831cd77ceff227 Author: ThibG <thib@sitedethib.com> Date: Sat Aug 8 17:57:56 2020 +0200 Fix crash when failing to load emoji picker (#14525) Fixes #14523 commit 3b699f17320de7fc1d1adc40e8edbd8ee58c9d57 Author: ThibG <thib@sitedethib.com> Date: Sun Aug 2 18:47:44 2020 +0200 Fix thumbnail color extraction (#14464) * Fix contrast calculation for thumbnail color extraction Luminance calculation was using 0-255 RGB values instead of 0-1 sRGB values, leading to incorrectly-computed contrast values. Since we use ColorDiff already, just use its XYZ colorspace conversion code to get the value. * Require at least 3:1 contrast for both accent and foreground colors * Lower required contrast for the accent color commit 1995a5cb34337d18ba305c56715194fbaa68786e Author: ThibG <thib@sitedethib.com> Date: Sun Aug 2 19:03:10 2020 +0200 Fix audio/video player not using CDN_HOST in media paths on public pages (#14486) commit 469c4c78a3ce2f7065c7273fd2800f9a39191a21 Author: ThibG <thib@sitedethib.com> Date: Sun Aug 2 18:47:09 2020 +0200 Fix audio player on Safari (#14485) commit 399c5f09009e05d22e9acd8bb75f3f803b58e365 Author: ThibG <thib@sitedethib.com> Date: Sun Aug 2 11:21:10 2020 +0200 Change content-type to be always computed from file data (#14452) * Change content-type to be always computed from file data Restore previous behavior, detecting the content-type isn't very expensive, and some instances may serve files as application/octet-stream regardless of their true type, making fetching media from them fail, while it used to work pre-3.2.0. * Add test commit 856cb96a2b4823b62df19f67686921890adfc2f8 Author: ThibG <thib@sitedethib.com> Date: Sun Aug 2 11:20:17 2020 +0200 Fix new audio player features not working on Safari (#14465) Fixes #14462 commit 58c59af573d7cb285317bdb27d745b38cf045378 Author: Takeshi Umeda <noel.yoshiba@gmail.com> Date: Tue Aug 25 01:09:46 2020 +0900 Fix an error when file_file_size is nil in tootctl media remove (#14657) commit 3f4cceebd66c0e209239bf5a917bbda8de57d189 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Aug 30 01:54:30 2020 +0200 Fix videos with near-60 fps being rejected (#14684) Fix #14668 commit ce6aaed4325d1a5dc15a799856d26b3d22222633 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Oct 8 00:34:57 2020 +0200 Remove dependency on goldfinger gem (#14919) There are edge cases where requests to certain hosts timeout when using the vanilla HTTP.rb gem, which the goldfinger gem uses. Now that we no longer need to support OStatus servers, webfinger logic is so simple that there is no point encapsulating it in a gem, so we can just use our own Request class. With that, we benefit from more robust timeout code and IPv4/IPv6 resolution. Fix #14091 commit 8f79ed0487fb17ad59182b49b3fbe46043cbaedd Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Sep 13 12:52:17 2020 +0200 Fix reported statuses not being included in warning e-mail (#14778) commit 4acfc3ce83a0f7492137ef0a3b0c78cce0773e6e Author: ThibG <thib@sitedethib.com> Date: Sat Aug 1 18:20:37 2020 +0200 Fix handling of Reject Follow when a matching follow relationship exists (#14479) * Add tests * Fix handling of Reject Follow when a matching follow relationship exists Regression from #12199 commit c98b7751ca6f7c638997c26b0807af5b51915593 Author: Takeshi Umeda <noel.yoshiba@gmail.com> Date: Tue Sep 1 01:11:27 2020 +0900 Fix limited follower id in fan-out-on-write service (#14709) commit 0abfa06b2f4d57363be8690aaf8e8ca3e1bfb221 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Aug 30 12:33:59 2020 +0200 Fix inefficiencies in fan-out-on-write service (#14682) commit aecdaf5a8c001a6e0e75a20072564de754ab5f8b Author: ThibG <thib@sitedethib.com> Date: Mon Sep 14 13:04:29 2020 +0200 Do not serve account actors at all in limited federation mode (#14800) * Do not serve account actors at all in limited federation mode When an account is fetched without a signature from an allowed instance, return an error. This isn't really an improvement in security, as the only information that was previously returned was required protocol-level info, and the only personal bit was the existence of the account. The existence of the account can still be checked by issuing a webfinger query, as those are accepted without signatures. However, this change makes it so that unallowed instances won't create account records on their end when they find a reference to an unknown account. The previous behavior of rendering a limited list of fields, instead of not rendering the actor at all, was in order to prevent situations in which two instances in Authorized Fetch mode or Limited Federation mode would fail to reach each other because resolving an account would require a signed query… from an account which can only be fetched with a signed query itself. However, this should now be fine as fetching accounts is done by signing on behalf of the special instance actor, which does not require any kind of valid signature to be fetched. * Fix tests commit 8126ac030ee5f65077e0e2ded400a221c6b62016 Merge: 06b6353483 93dd413a47 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Mon Jul 27 22:21:35 2020 +0200 Merge tag 'v3.2.0' into instance_only_statuses commit 06b635348327823570119362a2f1a7981a898011 Merge: e0f3a4583c 661f3f26b0 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Wed Jul 15 20:13:00 2020 +0200 Merge tag 'v3.1.5' into instance_only_statuses commit 661f3f26b041dd6f1f0ea646e55616f7139bb957 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Jul 7 15:22:47 2020 +0200 Bump version to 3.1.5 commit 2d2e3651eee12364b53f658077dae9343aca5e09 Author: Thibaut Girka <thib@sitedethib.com> Date: Mon Jun 22 21:09:18 2020 +0200 Fix media attachment enumeration Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> commit 951e997b26cb5bf93539a22221efda97ad70079e Author: Eugen Rochko <eugen@zeonfederated.com> Date: Wed Jun 24 00:21:03 2020 +0200 Change rate limits for various paths - Rate limit login attempts by target account - Rate limit password resets and e-mail re-confirmations by target account - Rate limit sign-up/login attempts, password resets, and e-mail re-confirmations by IP like before commit fa3f78e4bf1b5e2b6e8b11f161dd3c02348bf3d4 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Jun 23 02:57:00 2020 +0200 Fix other sessions not being logged out on password change While OAuth tokens were immediately revoked, accessing the home controller immediately generated new OAuth tokens and "revived" the session due to a combination of using remember_me tokens and overwriting the `authenticate_user!` method commit e0f3a4583c68b560425e30306153cf1b8f4dabe0 Merge: a42a98bc67 b752666e3f Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Fri Feb 21 14:21:59 2020 +0100 Merge tag 'v3.1.1' into instance_only_statuses commit a42a98bc673141efa5f14892578cfc4901d84f65 Merge: fbaaf24be8 c4118ba71b Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Mon Oct 21 09:14:53 2019 +0200 Merge tag 'v3.0.1' into instance_only_statuses commit fbaaf24be8db9d80b4258ba78b9c7639cc688d33 Merge: 405d6a71c8 06f906acac Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sat Aug 10 09:20:44 2019 +0200 Merge tag 'v2.9.3' into instance_only_statuses commit 06f906acace5770fc10f333a203b036c5b72c849 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sat Aug 10 00:08:42 2019 +0200 Bump version to 2.9.3 commit 80d8ff97e40fef2e6d9fd36c5bda882e92cd49dc Author: ThibG <thib@sitedethib.com> Date: Thu Aug 8 17:05:50 2019 +0200 Fix “read more” button behing hidden (regression from #11404) (#11522) * Fix “read more” button behing hidden (regression from #11404) This has the side-effect of putting the “Read more” button below possibly trunctated polls instead of putting the poll below the “Read more” * Remove dead code commit d5963d9401b183336ab0247f5e2ffddc210d95d7 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Aug 8 23:04:19 2019 +0200 Fix crash when saving invalid domain name (#11528) Fix #7629 commit b95281b533be43091ecf94268d031f1896c524f1 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Aug 8 23:04:04 2019 +0200 Fix pinned statuses API returning pagination headers (#11526) Fix #10227 commit 5432edb5a765eb9621a89caf34b78ece41529374 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Aug 8 23:03:09 2019 +0200 Add GIF and WebP support for custom emojis (#11519) Fix #11466 commit 6861534d9ce4e325f4210d985fbb856fb2654b0c Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Aug 8 08:56:55 2019 +0200 Fix "cancel follow request" button having unreadable text in web UI (#11521) Fix #11478 commit 80e391afcdbe92d5ea4731e1571761561eec987b Author: ThibG <thib@sitedethib.com> Date: Wed Aug 7 13:58:53 2019 +0200 Improve focus handling with dropdown menus (#11511) - Focus first item when activated via keyboard - When the dropdown menu closes, give back the focus to the actual element which was focused prior to opening the menu commit c69f190af975d23118ed207280729de4e2472373 Author: ThibG <thib@sitedethib.com> Date: Tue Aug 6 12:08:19 2019 +0200 Fix image uploads being perfectly white when canvas read access is blocked (#11499) Fixes #11496 commit cec93c35d8ac2a3e1b9b640773b37b12cbb3c5fe Author: ThibG <thib@sitedethib.com> Date: Tue Aug 6 11:59:58 2019 +0200 Improve keyboard navigation in privacy dropdown (#11492) * Trap tab in privacy dropdown * Give focus back to last focused element when privacy dropdown menu closes * Actually give back focus to the element that had it before clicking the dropdown commit ad6fcb2d9c791c9ac7c17b25221801f75dba644c Author: ThibG <thib@sitedethib.com> Date: Tue Aug 6 11:59:46 2019 +0200 Improve dropdown menu keyboard navigation (#11491) * Allow selecting menu items with the space bar in status dropdown menus * Fix modals opened by keyboard navigation being immediately closed * Fix menu items triggering modal actions * Add Tab trapping inside dropdown menu * Give focus back to last focused element when status dropdown menu closes commit d8cf2a0fb69dc4c862921e497103ce8b02fab7fd Author: ThibG <thib@sitedethib.com> Date: Tue Aug 6 11:59:14 2019 +0200 Fix privacy dropdown active state when dropdown is placed on top of it (#11495) commit 21e3671e32c2a88f1b19cb42209c88b45ea07607 Author: ThibG <thib@sitedethib.com> Date: Tue Aug 6 11:59:28 2019 +0200 Trap tab in modals (#11493) commit 68da55e50c49faf8d726ec7850376e4112349af1 Author: Jeong Arm <kjwonmail@gmail.com> Date: Mon Aug 5 06:00:38 2019 +0900 Fix timestamp on featured tag (#11477) It resolves #11338 commit 3f7614f98a2610771a5ac7677d7f1249b88f165a Author: ThibG <thib@sitedethib.com> Date: Sat Aug 3 19:10:39 2019 +0200 Disable list title validation button when list title is empty (#11475) commit c1bc34da04c6c65344dbc13a688c3d15f6aa0372 Author: Jeong Arm <kjwonmail@gmail.com> Date: Sun Jul 28 20:46:04 2019 +0900 Prevent archiving when user set "noindex" (#11421) commit a0896ae4bf985ec69b8cbc0dd0099a9c188be760 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sat Jul 27 04:41:55 2019 +0200 Remove timestamps from converted images to make them deterministic (#11408) commit 91fb945b0ee0b41bbd844531f6058ef38845d85e Author: Clar Fon <them@lightdark.xyz> Date: Fri Jul 26 01:57:27 2019 -0400 Remove pre from version, add extra suffix variable (#11407) commit ed27803822d1e63650d168ff111de15b41799b02 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Jul 25 04:17:35 2019 +0200 Change account domain block to clear out notifications and follows (#11393) commit 4e4f73b231602d458c7c332929a557ccadfbaad4 Author: Daigo 3 Dango <zunda@users.noreply.github.com> Date: Sun Jul 21 18:16:30 2019 -1000 Bind servers to 0.0.0.0 in Procfile (#11378) * Bind to 0.0.0.0 * Make Procfile common to main and streaming apps commit 9bb23b8d19b84fb40f289dc3d8b15b04d231fcad Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Jul 21 18:08:02 2019 +0200 Change locale detection to run once per session (#8657) Fix #6462 commit dead24a7733fd24b062d8228ca92ec3f492c39bd Author: ThibG <thib@sitedethib.com> Date: Fri Jul 19 23:22:35 2019 +0200 Disallow numeric-only hashtags (#11363) * Add spec covering numeric-only hashtags * Fix hashtag regex commit d8b8c88c221704429fb9ed75b159a18ed824118b Author: koyu <me@koyu.space> Date: Fri Jul 19 03:58:46 2019 +0200 Added logout to dropdown menu (#11353) * Added logout to dropdown menu * Triggering build-and-test with empty commit as it seems it failed due to some internal failure * Looks fine, ready to review * Added changes from review * method can be null without any problems * Also target can be null commit ad0866804e35803bbf0975e09cf6c8fca1fa9884 Author: ThibG <thib@sitedethib.com> Date: Fri Jul 19 09:18:23 2019 +0200 Fix avatar animation on hover when not logged in (#11349) commit 6c4a196b53bb7d8b8ea8446d5e9c75ea72caab45 Author: ThibG <thib@sitedethib.com> Date: Fri Jul 19 01:44:58 2019 +0200 Fix sanitizing lists contents (#11354) * Add test * Fix code for sanitizing nested lists stripping all tags commit 28f3b13c63fd5ac5210caaa7b63b94e65aeda6b2 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Jul 18 20:28:05 2019 +0200 Change Dockerfile to bind to 0.0.0.0 instead of docker-compose.yml (#11351) commit 8c445c80b5a1b30caf5b57c9ed5e473dd00134f0 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Jul 18 03:02:56 2019 +0200 Fix only one middle dot being recognized in hashtags (#11345) Fix #10934 commit 212848b66e69ddb72f488d233b6378f494a5fff5 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Jul 18 03:02:15 2019 +0200 Change language detection to include hashtags as words (#11341) commit 227c561064e47304f1da37811eb87c7ade67b792 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Wed Jul 17 19:29:37 2019 +0200 Change terms and privacy policy pages to always be accessible (#11334) Fix #11328 commit 2e244b7401daedabbbff771949677adc4beb651f Author: Daigo 3 Dango <zunda@users.noreply.github.com> Date: Mon Jul 15 18:51:36 2019 -1000 Make puma bind address configurable with BIND env var (#11326) commit 291d868773fc9805ed81d6843775adcf9222df03 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Mon Jul 15 05:56:35 2019 +0200 Change default interface of web and streaming from 0.0.0.0 to 127.0.0.1 (#11302) commit b21c6300433ee233ab7df3389bdda612429c4357 Author: han@highemelry <high.emerly.ytfin@gmail.com> Date: Sat Jul 13 01:46:21 2019 +0900 Change the retry limit in error of web push notification (#11292) - Change the maximum count of retry for web push notification (Default -> 5). - In case of high load of subscribe server, the retries will be repeated many times. - Because the retries occupy the default queue, maximum retry count should be reduced. commit f2795699dd7091f9204bf6a53314387f4752e427 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Jul 2 00:59:53 2019 +0200 Change ActivityPub::DeliveryWorker to not retry HTTP 501 errors (#11233) commit d9a024840e8e5ce72072d4bd79a28934cbce62e7 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Mon Jul 1 19:13:30 2019 +0200 Change domain block behaviour to prevent creation of accounts from suspended domains (#11219) commit c8bf30df9240bc067289dae64c09f017fc3de039 Author: ThibG <thib@sitedethib.com> Date: Sun Jul 28 13:48:05 2019 +0200 Fix animate on hover in poll options without CW (#11404) commit 7f9431c3066d6a33835889a6d3c7a4019568360a Author: ThibG <thib@sitedethib.com> Date: Sun Jul 21 18:10:40 2019 +0200 Play animated custom emoji on hover (#11348) * Play animated custom emoji on hover in status * Play animated custom emoji on hover in display names * Play animated custom emoji on hover in bios/bio fields * Add support for animation on hover on public pages emojis too * Fix tests * Code style cleanup commit af410c070619dbb1a6684a969de2043163c89f0d Author: ThibG <thib@sitedethib.com> Date: Sun Jul 21 03:40:27 2019 +0200 Display custom emoji in bio field names (#11350) Already displayed in public pages, but not WebUI commit 16f348431b1f8eb034b9b2c042a12fdedce6f411 Author: ThibG <thib@sitedethib.com> Date: Sat Jul 6 18:18:08 2019 +0200 Only scroll to the compose form if it's not horizontally in the viewport (#11246) Avoids jumping the scroll around vertically when giving it focus and editing long toots. commit 6abd84980310c10d66a0d74324a8b57a9d99889c Author: ThibG <thib@sitedethib.com> Date: Tue Jul 2 00:36:16 2019 +0200 When deleting & redrafting a poll, fill in closest expires_in (#11203) Use the smallest preset expires_in such that the new poll would not expire before the old one. In the typical case of a quick delete & redraft, this results in using the same poll duration. Fixes #10567 commit 99b27a8b4bc41807adeb70aac7ff2ccab8f405d0 Author: ThibG <thib@sitedethib.com> Date: Sat Jun 29 18:32:36 2019 +0200 When sending a toot, ensure a CW is only set if the CW field is visible (#11206) In some occasions, such as the browser or a browser extension auto-filling the existing but disabled/hidden CW field, a CW can be set without the user knowing. commit 39741fa2cd994262bb85af2a2b58402d84aeb4cf Author: ThibG <thib@sitedethib.com> Date: Wed Jun 26 14:28:36 2019 +0200 Scroll to compose form rather than reply indicator on focus (#11182) commit 5b3d70ffa749806976710488ea78e5d01b1b2466 Author: ThibG <thib@sitedethib.com> Date: Fri Jun 28 19:29:11 2019 +0200 Display FTS warning based on actual search term, not the one being typed (#11202) Follow-up to #11112 commit 011909262aeacb64e5e12ef890eaa629f85b6d83 Author: ThibG <thib@sitedethib.com> Date: Thu Jun 27 21:12:26 2019 +0200 Add message telling FTS is disabled when no toot can be found because of this (#11112) * Add message telling FTS is disabled when no toot can be found because of this Fixes #11082 * Remove info icon and reword message commit 69680db8a2fd7f466d11a7a75871fa749f146769 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Jun 25 20:18:15 2019 +0200 Fix unnecessary SQL query performed on unauthenticated requests (#11179) commit 6e28da213961ed37cde7b82947b599eac31c925c Author: ThibG <thib@sitedethib.com> Date: Tue Jun 25 14:45:14 2019 +0200 Apply filters to poll options (#11174) * Apply filters to poll options in WebUI Fixes #11128 * Apply filters to poll options server-side * Add poll options to searchable text commit 74982c71b09ecf137e73194aa03a3be4f0ef669f Author: Eugen Rochko <eugen@zeonfederated.com> Date: Wed Jul 31 09:23:30 2019 +0200 Fix delete regression (#11450) Regression from ff789a751a1c730e4d808410411196b76caff39c commit c83c87fbe2c9586b90c677e24c81d690cade2a02 Author: ThibG <thib@sitedethib.com> Date: Tue Jul 30 13:18:23 2019 +0200 Fix boosting & unboosting preventing a boost from appearing in the TL (#11405) * Fix boosting & unboosting preventing a boost from appearing in the TL * Add tests * Avoids side effects when aggregate_reblogs isn't true commit 363afe5e059030e5c8b20f0b2610c1d1a1185749 Author: ThibG <thib@sitedethib.com> Date: Tue Jul 2 16:03:54 2019 +0200 Memoize ancestorIds and descendantIds in detailed status view (#11234) commit d588173ab382c22c1092a9d4154afec7a8d89ef0 Author: ThibG <thib@sitedethib.com> Date: Sun Jun 30 00:12:38 2019 +0200 Optimize makeGetStatus (#11211) * Optimize makeGetStatus Because `ImmutableList.filter` always returns a new object and `createSelector` memoizes based on object identity, the selector returned by `makeGetStatus` would *always* execute. To avoid that, we wrap `getFilters` into a new memoizer that memoizes based on deep equality, thus returning the same object as long as the filters haven't changed, allowing the memoization of `makeGetStatus` to work. Furthermore, we memoize the compiled regexs instead of recomputing them each time the selector is called. * Fix memoized result being cleared too often * Make notifications use memoized getFiltersRegex commit d1d3684fb5f96d90daf7ebd0173e42db67f270da Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Jul 21 18:10:07 2019 +0200 Fix `alerts` booleans not being typecast correctly in push subscription (#11343) * Fix `alerts` booleans not being typecast correctly in push subscription Fix #10789 * Fix typo commit 6a3876bdaaa7eab08a13f68825681d2d4165ce5a Author: ThibG <thib@sitedethib.com> Date: Fri Jul 19 23:13:21 2019 +0200 Fix some flash notices/alerts staying on unrelated pages (#11364) commit 5cd97c62a0b66739a4936691a7d216303040f773 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Jul 2 11:34:39 2019 +0200 Remove unused StatsD code and expose StatsD as a global variable (#11232) The instrumentation code was used for StatsD metrics collection prior to the switch to the nsa gem and should have been removed at that point as it no longer does anything at all commit 769bbd511f1463431b6cfd274f672ea4aa14dd28 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Jul 2 01:01:17 2019 +0200 Fix statsd UDP sockets not being cleaned up in Sidekiq (#11230) commit 5d79df0273ecb678e8c5a4f97c03e2d6a59b121c Author: ThibG <thib@sitedethib.com> Date: Sun Jun 30 16:11:21 2019 +0200 Fix expiration date of filters being set to “Never” when editing them (#11204) When editing a custom filter, select the shortest preset duration that still covers the remaining time of that filter. Fixes #9506 commit 0367ddb62c37bf8987700a71cbc47acc6b756f81 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Jun 30 16:10:43 2019 +0200 Fix support for MP4 files that are actually M4V files (#11210) Resolve #11187 commit 221110c5d7761427263ac2ada87a06a94bcc9d1f Author: Georg Gadinger <nilsding@nilsding.org> Date: Sun Jul 7 18:13:19 2019 +0200 Update fuubar dependency to 2.4.1 (#11248) See also: thekompanee/fuubar#111 commit 8904487324fd7dc4fc9818fb975926e9defef42d Author: ThibG <thib@sitedethib.com> Date: Fri Jul 26 18:55:33 2019 +0200 Fix invites not being disabled upon account suspension (#11412) * Disable invite links from disabled/suspended users * Add has_many invites relationship to users * Destroy unused invites when suspending an account commit 678292258449cbdb96f569ecb36fee4c423bd36c Author: ThibG <thib@sitedethib.com> Date: Thu Jul 11 14:50:27 2019 +0200 Fix BlockService trying to reject incorrect follow request (#11288) Fixes #11148 commit 806671755899777dba80cf68136fcec54de07366 Author: ThibG <thib@sitedethib.com> Date: Mon Jul 8 18:17:22 2019 +0200 Fix Status.remote scope matching *all* statuses (#11265) commit 5a06f68f0e6573f77d68444b2d3d8eda6c022a9b Author: ThibG <thib@sitedethib.com> Date: Mon Jul 8 02:24:25 2019 +0200 Fix BackupService crashing when an attachment is missing (#11241) * Fix BackupService crashing when an attachment is missing For various reasons such as admin error or out-of-sync media and database backups, it might be possible for local attachments to be lost. This commit allows the BackupService to continue its work even if some media file is missing. * Change error message commit aef567cb9d086585de0cf197781e28bbeeb37665 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sat Jul 6 13:54:32 2019 +0200 Fix option to send e-mail notification about account action always being true (#11242) commit de747948a155ba38379f1ac9b051377e7fb5519a Author: ThibG <thib@sitedethib.com> Date: Fri Jun 28 13:52:15 2019 +0200 Fix swiping columns on mobile sometimes failing (#11200) Fixes #9779 commit c95ce1f3acbe5d328377cf333cbea0b258bf94c9 Author: ThibG <thib@sitedethib.com> Date: Thu Jun 27 19:41:55 2019 +0200 Fix account URI in UpdatePollSerializer (#11194) * Fix account URI in UpdatePollSerializer Fixes #11185 * Add specs commit 405d6a71c8899254d2efcf0343683ea8ad154895 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sun Jun 30 10:55:00 2019 +0200 Fix merge issues commit f0a512c7cab0e9a4f15672f32e87fcf8d644328c Merge: 1e5b17b88a 66ac1bd063 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Jun 25 19:44:59 2019 +0200 Merge tag 'v2.9.2' into instance_only_statuses commit 1e5b17b88a48230537715a432baf86e59d798974 Merge: 84c8b1e200 7d92c2c81d Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Mon Jun 3 22:06:36 2019 +0200 Merge tag 'v2.8.4' into instance_only_statuses commit 7d92c2c81d564d2648a362c20bc7914cd377525f Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri May 24 15:35:32 2019 +0200 Bump version to 2.8.4 commit aa80292170967662e74ea5196bd2773ce4f77c07 Author: ThibG <thib@sitedethib.com> Date: Fri May 24 15:21:42 2019 +0200 Improve streaming server security (#10818) * Check OAuth token scopes in the streaming API * Use Sec-WebSocket-Protocol instead of query string to pass WebSocket token Inspired by https://github.com/kubevirt/kubevirt/issues/1242 commit 130fbf839b656dfd544bc02aeff5cf52a9f4cd7c Author: ThibG <thib@sitedethib.com> Date: Thu May 23 20:00:39 2019 +0200 Fix possible race condition when processing statuses (#10815) commit 39d1d022de00114d481b1ad522aa7441ad2c56eb Author: ThibG <thib@sitedethib.com> Date: Thu May 23 15:22:39 2019 +0200 Move signature verification stoplight to the requests themselves (#10813) * Move signature verification stoplight to the requests themselves This avoids blocking messages from known keys for 5 minutes when only one fails… * Put the stoplight on the actual client IP, not a potential reverse proxy commit 9a881c70e215e7860ca7c3a653fc43692c793cdd Author: ThibG <thib@sitedethib.com> Date: Thu May 23 15:00:30 2019 +0200 Retry ActivityPub inbox delivery on HTTP 401 and 408 errors (#10812) HTTP 401 responses returned by Mastodon's inbox controller may be temporary if, for instance, the requesting user's actor/key json could not be retrieved in a timely fashion. This changes allow retries instead of dropping the message entirely. Also added HTTP 408 as that error is by nature temporary. commit 370ec7e7718868a1bd3d645a98b968471e50a349 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun May 19 16:46:49 2019 +0200 Bump version to 2.8.3 commit 9222c26e19ec843d0b1b50b14901983270c9b8b5 Author: ThibG <thib@sitedethib.com> Date: Sun May 19 21:40:36 2019 +0200 Fix “invited by” not showing up for invited accounts in admin interface (#10791) commit 94439a1da7e585207dacf199c0eb4af2be1fdf7d Author: Hinaloe <hina@hinaloe.net> Date: Mon May 20 01:41:41 2019 +0900 fix `isSubmitting` prop case (#10785) commit a6815a757886620315ff0906e175c9d5e5fbb3d8 Author: ThibG <thib@sitedethib.com> Date: Sun May 19 13:49:31 2019 +0200 Add post-deployment migration script to delete public-boosts-of-private-toots (#10783) commit d587a943a549d7ba5bb8433401390ac665bbdf17 Author: Ben Lubar <ben.lubar@gmail.com> Date: Sat May 18 13:57:45 2019 -0500 add og:image:alt for media attachments in embeds (#10779) commit 3c27687a6e1f283ff4f4300b2b07fbc10ba3bba7 Author: ThibG <thib@sitedethib.com> Date: Sat May 18 00:28:51 2019 +0200 Prevent from publicly boosting one's own private toots (#10775) commit ee17d81b8a4e02b5c72e39922f15634b4352c817 Author: ThibG <thib@sitedethib.com> Date: Wed May 15 06:54:06 2019 +0200 Minor performance improvements and cleanup in formatter (#10765) commit 9e95af3391837789a1039c4ea6181588817d3939 Author: Neil Moore <dar13.dev@gmail.com> Date: Wed May 15 00:53:23 2019 -0400 Adds click-able div that expands status (#10733) (#10766) The clickable div is positioned under the account avatar and covers all empty space below it to the end of the status. commit 91e25a20ce55a13d533e3f50cf2ad5b2a40a791c Author: nzws <git@nzws.me> Date: Sun May 12 12:15:42 2019 +0900 Fix some colors in light theme (#10754) * Fix typo in light theme * Fix background color of empty column commit 47e0928c5b7bb87627b0fe768ff89ded787eaffe Author: ThibG <thib@sitedethib.com> Date: Fri May 10 17:59:57 2019 +0200 Change icon and label depending on whether media is marked as sensitive (#10748) * Change icon and label depending on whether media is marked as sensitive * WiP use a checkbox commit c407a4edf8e38fa5cb38abd6bfa526376706e084 Author: Maciek Baron <thebezet@gmail.com> Date: Thu May 9 21:03:32 2019 +0100 Improve poll link accessibility (#10720) * Add distinction between hover and active/focus states * Resolves #10198 commit 7a6464bea090d874266441b46dd8570797f6d3b5 Author: Jeong Arm <kjwonmail@gmail.com> Date: Thu May 9 01:01:33 2019 +0900 Bring back crossed eye icon on gallery (#10715) commit 9679ec4fcba08aa5db6e8365230bfccfee2baab3 Author: nzws <git-yuzu@svk.jp> Date: Wed May 8 06:53:58 2019 +0900 Fix some colors of high contrast theme (#10711) * Fix "nothing here" text color of high contrast * Fix counter border color of high contrast commit b40dfc124b1fc72a675edff20e79301e92aa789f Author: ThibG <thib@sitedethib.com> Date: Mon May 6 05:33:56 2019 +0200 Add description on hover in media gallery (#10713) commit 84c8b1e200f2c2dfbfb33e4ebc9d92f16b08a7b2 Merge: a285462db6 2508370f44 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue May 7 21:42:11 2019 +0200 Merge tag 'v2.8.2' into instance_only_statuses commit a285462db606257d4b01fbb6223d87b4a7299ec5 Author: Thibaut Girka <thib@sitedethib.com> Date: Mon Apr 22 19:10:00 2019 +0200 Do not leak local-only toots to remote mentioned users commit 546581d2ba9a5f511430bdad7b6d8a0e99fee750 Merge: 153385e508 6afab2587d Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sat Apr 13 23:47:24 2019 +0200 Merge tag 'v2.8.0' into instance_only_statuses commit 153385e508585f45b6cc1a186315de03a16bac70 Merge: e8012c10be f3eb99aec3 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Feb 19 21:07:43 2019 +0100 Merge tag 'v2.7.2' into instance_only_statuses commit f3eb99aec3c2cd596c0b32fde9eff3be4579b22a Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Feb 17 19:56:23 2019 +0100 Bump version to 2.7.2 commit e5f4af23eff7562901cea1f50f2a83213ff49a58 Author: ThibG <thib@sitedethib.com> Date: Sat Feb 16 14:53:27 2019 +0100 Fix crash on public hashtag pages when streaming fails (#10061) commit 33e8fa0d76c8d7499ab407b58ab1851b9899ebc1 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sat Feb 16 11:56:09 2019 +0100 Fix mutes, blocks, domain blocks and follow requests not paginating (#10057) Regression from #9581 commit 98e38200ab7f238cfe53ea9f6a266b0e3180dec1 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sat Feb 16 05:27:05 2019 +0100 Add vapid_key to the application entity in the REST API (#10058) Fix #8785 commit b6a5268e1b66303491efca3a5d1b310442c92e68 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sat Feb 16 05:23:47 2019 +0100 Add registrations attribute to instance entity in REST API (#10060) Fix #9350 commit caf145029215f176cd470a4cf011c94e90b9dd8e Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Feb 15 23:33:25 2019 +0100 Change error graphic to hover-to-play (#10055) Fix #6060 commit 584f29e62a6000a6d54ae14aafbda7a4725610eb Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Feb 15 19:43:09 2019 +0100 Change buttons on timeline preview to open the interaction dialog (#10054) Fix #9922 commit 7b59de4f5c4055c1cc24b0ea5dbfa384a0a0ebf3 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Feb 15 16:08:48 2019 +0100 Change conversations to always show names of other participants (#10047) Fix #9190 commit 5aa147b67d7b9e4ef1dc322a1ab1e40bfc35efd2 Author: rinsuki <428rinsuki+git@gmail.com> Date: Fri Feb 15 01:03:01 2019 +0900 Fix breaks when opening a reply tree in WebUI (#10046) fix #10045 commit 77a71236ade04edfce8dc5ee98a8d2ff7a064e15 Author: Nolan Lawson <nolan@nolanlawson.com> Date: Wed Feb 13 09:52:36 2019 -0800 perf: run node directly when streaming (#10032) commit 1ad0d232b3ed1c2005d64f1746ecd2d476379852 Author: Ben Lubar <ben.lubar+github@gmail.com> Date: Wed Feb 13 18:04:43 2019 -0600 Improve image description user experience (#10036) * Add image descriptions to searchable post content. * Allow multi-line image descriptions. * Request image descriptions in the same query as posts when creating the search index. (see https://github.com/tootsuite/mastodon/pull/10036#discussion_r256551624) commit 45b2bb464b5ff5b5b5805004a5dc856b495dfc54 Author: nightpool <nightpool@users.noreply.github.com> Date: Wed Feb 13 21:11:47 2019 -0500 Change robots.txt to exclude only media proxy URLs (#10038) * Revert "Change robots.txt to exclude some URLs (#10037)" This reverts commit 80161f43510ad9316c60c9b50dd5c09c2dae4d54. * Let's block media_proxy /media_proxy/ is a dynamic route used for requesting uncached media, so it's probably bad to let crawlers use it * misleading comment commit 637f0007b9535ed988cbe94c9b9b40a8f8e8a24f Author: Eugen Rochko <eugen@zeonfederated.com> Date: Wed Feb 13 21:28:18 2019 +0100 Change robots.txt to exclude some URLs (#10037) - Exclude static assets - Exclude uploaded files - Exclude alternate versions of the profile page - Exclude media proxy URLs commit 8ad75eea62117f8635de8897c74297a5a8b3bd5c Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Feb 15 16:08:59 2019 +0100 Fix relay enabling/disabling not resetting inbox availability status (#10048) Fix #10033 commit b163368c3e3e3a22c4ef98c0d0cd6c07a2ad13e6 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Feb 17 15:16:36 2019 +0100 Fix Announce activities of unknown statuses not fetching those statuses (#10065) Regression from #9998 commit 71b831601db2fdc41aaf4ddbe9fd60db109a3153 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Feb 17 03:38:25 2019 +0100 Add logging for rejected ActivityPub payloads and add tests (#10062) commit e84c7618192b1ba1538e3c0af79acdf604aea5fc Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Feb 15 18:19:45 2019 +0100 Filter incoming Announce activities by relation to local activity (#10041) * Filter incoming Announce activities by relation to local activity Reject if announcer is not followed by local accounts, and is not from an enabled relay, and the object is not a local status Follow-up to #10005 * Fix tests commit ef45411c537d37f06b23914135460544d348bfd6 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Wed Feb 13 18:42:47 2019 +0100 Filter incoming Create activities by relation to local activity (#10005) Reject those from accounts with no local followers, from relays that are not enabled, which do not address local accounts and are not replies to accounts that do have local followers commit 6c11f0f8cf91aa4d0b83a0a9c5a92cfa99dcbfdd Author: ThibG <thib@sitedethib.com> Date: Wed Feb 13 18:36:23 2019 +0100 Alternative handling of private self-boosts (#9998) * When self-boosting, embed original toot into Announce serialization * Process unknown self-boosts from Announce object if it is more than an URI * Add some self-boost specs * Only serialize private toots in self-Announces commit 737ac4b59df77e43bed71abc6de80bc89f893de1 Author: ysksn <bluewhale1982@gmail.com> Date: Sun Feb 3 03:11:38 2019 +0900 Create Redisable#redis (#9633) * Create Redisable * Use #redis instead of Redis.current commit 17a41e1f779874a270f531086f5576affcdb6cb1 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Feb 14 15:46:42 2019 +0100 Fix hashtag column not subscribing to stream on mount (#10040) Fix #9895 commit 5a04861c7f2e98c80f315a19d7eadade044d8aae Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Feb 14 06:27:54 2019 +0100 Add tight rate-limit for API deletions (#10042) Deletions take a lot of resources to execute and cause a lot of federation traffic, so it makes sense to decrease the number someone can queue up through the API. 30 per 30 minutes commit 2a1adab7d7824df9fa148a9431e942d6677c1d71 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Wed Feb 13 18:36:40 2019 +0100 Fix style regressions on landing page (#10030) commit a46487e895fbba23922888820c6b88ad07ebe56b Author: Eugen Rochko <eugen@zeonfederated.com> Date: Wed Feb 13 18:34:58 2019 +0100 Fix hashtags select styling in default and high contrast themes (#10029) commit f0f657e77c65923e6d77b5f62f7ee8544b4d9e00 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Wed Feb 13 05:30:49 2019 +0100 Fix color of static page links in high contrast theme (#10028) commit 1186b9abebc0b92acecebcd020d2f9c17de5d0b3 Author: ThibG <thib@sitedethib.com> Date: Tue Feb 12 22:24:14 2019 +0100 Save IP address used for sign-up, not only sign-in (#10026) Fixes #9995 commit 27310a84a43623da8f08832e30e078ce936f6a1d Author: Franck Zoccolo <franck@zoccolo.com> Date: Tue Feb 12 14:48:04 2019 +0100 Add support for IPv6 only MXes in Email validation (#10009) * Add support for IPv6 only MXes * Fixed email validator tests commit d66267508ac316ffc2756a6677fcbae5a44605c2 Author: ThibG <thib@sitedethib.com> Date: Tue Feb 12 05:10:43 2019 +0100 Move sending account Delete to anyone but the account's followers to the pull̀ queue (#10016) commit 41ecf80645d465d67dfee54d3cbb14a825ed8953 Author: Hinaloe <hina@hinaloe.net> Date: Tue Feb 12 13:10:31 2019 +0900 Don't focus spiler input when disabled spoiler (#10017) commit e1dbdf7377f20ace894ee92cf681542cc4b5eddb Author: ThibG <thib@sitedethib.com> Date: Mon Feb 11 13:19:59 2019 +0100 Fix timeline jumps (#10001) * Avoid two-step rendering of statuses as much as possible Cache width shared by Video player, MediaGallery and Cards at the ScrollableList level, pass it down through StatusList and Notifications. * Adjust scroll when new preview cards appear * Adjust scroll when statuses above the current scroll position are deleted commit d9f0c7fb841bebfa942ddc5b7aae2857eb1381e3 Author: ThibG <thib@sitedethib.com> Date: Wed Feb 6 23:36:43 2019 +0100 Fix IntersectionObserverArticle not hiding some out-of-view items (#9982) IntersectionObserverArticle is made to save on RAM by avoiding fully rendering items that are far out of view. However, it did not work for items spawned outside the intersection observer. commit 6ea4cd5b86b0f96bfa9cfc904ee2c1adb48079a4 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sat Feb 9 20:13:11 2019 +0100 Fix URL linkifier grabbing full-width spaces and quotations (#9997) Fix #9993 Fix #5654 commit 2a7c091eae68b06ae4ad7c566878a04f9926ac92 Author: Hinaloe <hina@hinaloe.net> Date: Sat Feb 9 11:39:38 2019 +0900 Only URLs extract with pre-escaped text (#9991) * [test] add japanese hashtag testcase * Only URLs extract with pre-escaped text ( https://github.com/tootsuite/mastodon/issues/9989 ) commit e2afe5fdfba352b35731acf028bad54f32223282 Author: abcang <abcang1015@gmail.com> Date: Wed Feb 6 10:50:52 2019 +0900 Fix Tombstone.delete_all ArgumentError (#9978) commit edde07f5ab235d6ceca95db66bb53161d372f830 Author: ThibG <thib@sitedethib.com> Date: Tue Feb 5 15:11:35 2019 +0100 Hide misleading “You will be sent a confirmation e-mail” hint from admin view (#9973) Thanks @wryk for noticing this issue. commit cd36ff43fd214b6b1447e88457b5a3f56461c1dd Author: trwnh <a@trwnh.com> Date: Mon Feb 4 21:46:18 2019 -0600 [UI] Fix whitespace being applied to div instead of p (#9968) * fix large line breaks * fix ascii art posts commit 5e7c75cfd328af81a557985e1b5b2c70e6c68645 Author: rinsuki <428rinsuki+git@gmail.com> Date: Tue Feb 5 07:14:57 2019 +0900 Fix not showing custom emojis in share page emoji picker (#9970) commit a742a09530b6bdca78713e14dbab51bc3a56d222 Author: rinsuki <428rinsuki+git@gmail.com> Date: Tue Feb 5 06:25:42 2019 +0900 Fix authorized applications list page design (#9969) commit fdf819b83e820576164074b6726cb6ffdb4a47f6 Author: Jakub Mendyk <jakubmendyk.szkola@gmail.com> Date: Sat Feb 2 19:01:18 2019 +0100 Allow most kinds of characters in URL query (fixes #8408) (#8447) * Allow unicode characters in URL query strings Fixes #8408 * Alternative approach to unicode support in urls Adds PoC/idea to approch this problem. commit 687a0cbcb036255d02aa1fab5132c51da2adc888 Author: Clar Charr <clar@charr.xyz> Date: Thu Jan 31 07:45:15 2019 -0500 Replace unlock-alt icon with unlock (#9952) commit e31970b924a7eaa1279708919b2743a15fb099f0 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Feb 1 00:15:38 2019 +0100 Fix link color in high-contrast theme, add underlines (#9949) Improve sorting of default themes in the dropdown commit 88a1d0cdb4df422594c3ffb335ad794df4e55ea7 Author: Sam Schlinkert <sschlinkert@gmail.com> Date: Mon Jan 28 16:57:42 2019 -0500 Bumps copyright year in README.md to 2019 (#9939) This is so incredibly small, but assuming this is a needed change. Might want to check year in other files. commit e8012c10be2d0b2f9323e309d0e2dae5b113fb60 Merge: 20ad8165a0 28866d329b Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Thu Jan 31 11:08:42 2019 +0100 Merge tag 'v2.7.1' into instance_only_statuses commit 20ad8165a0e2589e8a5a7a3b4a2312c62eb6b357 Merge: e8161a11fc 31e7940de5 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Jan 22 11:56:24 2019 +0100 Merge tag 'v2.7.0' into instance_only_statuses commit e8161a11fc7a9d9413fe4d9aa794ef734522ded0 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Wed Jan 9 11:12:49 2019 +0100 Normalize translations commit 4207973809bbf3b22f01a4ce811b8b18029d45df Merge: 237952c10d bc3a6dd597 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Wed Jan 9 10:47:10 2019 +0100 Merge tag 'v2.7.0rc1' into instance_only_statuses commit 237952c10d0989ec7510a9ec190baf87cacc40c3 Author: Thibaut Girka <thib@sitedethib.com> Date: Tue Nov 13 17:30:15 2018 +0100 Only stream local-only toots to logged-in users commit f5f9fc366d554916996aa58f8dcbe10bcaf2fc81 Merge: b9f0f794db 887f9de6dc Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Fri Dec 7 15:27:23 2018 +0100 Merge tag 'v2.6.5' into instance_only_statuses commit 887f9de6dc12ef405f92b94eeaa775df74ebb1ef Author: Eugen Rochko <eugen@zeonfederated.com> Date: Sun Dec 2 16:52:40 2018 +0100 Bump version to 2.6.5 commit e625425c8feb611e037c62855845b38ceb4b35c1 Author: ThibG <thib@sitedethib.com> Date: Wed Nov 21 17:02:58 2018 +0100 Include replies to list owner and replies to list members in list statuses (#9324) commit f13d08314e1d683fd40b3cb48c667aced222ce28 Author: ThibG <thib@sitedethib.com> Date: Sun Dec 2 16:46:13 2018 +0100 Preload common JSON-LD contexts (#9412) Fixes #9411 commit 13979a84f93ab07dc002111f9a86eb358260dd00 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Nov 30 19:54:24 2018 +0100 Bump version to 2.6.4 commit 82570019ba01ec11b93f62921b3fc92f369ec53c Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Nov 30 19:16:32 2018 +0100 Remove npm-run-all dependency (#9401) Fix #9359 commit a1216e631537b1fbf07f2c8724ac05e757800be6 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Nov 30 03:08:37 2018 +0100 Bump version to 2.6.3 commit 34de90c486176992d8bc3d0f5f9f1156509d448c Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Nov 27 19:46:05 2018 +0100 Fix TLS handshake timeout not being enforced (#9381) Follow-up to #9329 commit 442f335504129f99bc405539967df628d4701761 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Nov 27 19:15:08 2018 +0100 Skip deliveries to inboxes that have already been marked as unavailable (#9358) commit 58108b448159a8796500f2d3441cfe7b1ca99a67 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Nov 27 18:49:37 2018 +0100 Don't count suspended users in user count (#9380) Fix #7637 commit cc0c1674f03cfbbe3ee28208429f216db1678731 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Tue Nov 27 18:13:36 2018 +0100 Fix nil error when no DNS addresses are found for host (#9379) commit 49f49cf367b6fb8413b1967870a709a5e31c9b71 Author: ThibG <thib@sitedethib.com> Date: Tue Nov 27 12:28:01 2018 +0100 Allow hyphens in the middle of remote user names (#9345) Fixes #9309 This only allows hyphens in the middle of a username, much like dots, although I don't have a compelling reason to do so other than keeping the changes minimal. commit ec20a5d53aa5d234498d0140ce772cd9f027adfb Author: Hugo Gameiro <hmgameiro@gmail.com> Date: Tue Nov 27 11:19:12 2018 +0000 add loglevel to ffmpeg in gif upload (#9368) commit 404dc97fb013b7f835df65dfc22d07f68e482e23 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Nov 23 22:32:20 2018 +0100 Bump version to 2.6.2 commit a2cda74ba3cf6690f257ae612f28e890b7df2237 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Nov 22 20:12:04 2018 +0100 Fix connect timeout not being enforced (#9329) * Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec commit 12bdd7dc5f05e1b9eecf3b56dbcc24cf77bee884 Author: valerauko <vale@valerauko.net> Date: Thu Nov 22 20:49:07 2018 +0900 Ignore JSON-LD profile in mime type comparison (#9179) Ignore JSON-LD profile in mime type comparison commit 15dcb414bf2faaf21a686aa467015d244743c04e Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Nov 20 22:25:32 2018 +0100 Touch account on successful response, change char shown when culled (#9293) Just the color is not enough change since not everyone uses colored terminals. Touching the account makes it so that the account is not in the threshold window in case of running again commit 2c36d357848c7d7cb64da6fd3464306ea6729da7 Author: Alexandre Alapetite <alexandre@alapetite.fr> Date: Tue Nov 20 22:25:04 2018 +0100 WebSub: ATOM before RSS (#9302) Hello, The ATOM feed contains the hub declaration for WebSub, but the RSS version does not. RSS/ATOM readers will typically pick whichever version comes first, and will thus not see the WebSub feature. I therefore suggest putting the ATOM version first, as it is more feature-rich than its RSS counterpart is. Clients not compatible with ATOM would not pick it anyway due to the different type attribute. A more complicated alternative would be to declare the WebSub feature in the RSS version as well, using something like the following code, and ensuring that clients subscribed to the RSS version would receive PuSH updates just like those subscribed to the ATOM version. ````xml <rss version="2.0" xmlns:webfeeds="http://webfeeds.org/rss/1.0" xmlns:atom="http://www.w3.org/2005/Atom"> <channel> <atom:link rel="self" type="application/rss+xml" href="https://diaspodon.fr/users/test.rss"/> <atom:link rel="hub" href="https://diaspodon.fr/api/push"/> </channel> </rss> ``` commit c0736c466c33473b4db55bf59ed6edc0a0020b27 Author: Dan Hunsaker <danhunsaker@gmail.com> Date: Tue Nov 20 14:24:35 2018 -0700 Update Nginx config for Nanobox apps (#9310) The Nanobox files have gotten out of sync, a touch, with what Masto needs for Nginx settings. This PR updates them accordingly. commit fa02f878fc6fdbc1aae8d3f45e71b4aeb589e7ea Author: Eugen Rochko <eugen@zeonfederated.com> Date: Mon Nov 19 10:37:57 2018 +0100 Fix filter ID not being a string in REST API (#9303) commit ecc58c0f2358ea764c4a4ebd7f9daf4c9143ec7a Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Nov 16 19:46:23 2018 +0100 Prevent multiple handlers for Delete of Actor from running (#9292) commit 6d4438a6ae351e2a8a73c7373c22d28f10838f65 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Nov 16 15:02:18 2018 +0100 Remove intermediary arrays when creating hash maps from results (#9291) commit 01a8ab921e6e2b23cfea834c63b2cd196d15ff0b Author: mayaeh <mayaeh@marimo-net.org> Date: Fri Nov 16 17:47:40 2018 +0900 Fix "tootctl media remove" can't count the file size (#9288) * Fixed an issue where "tootctl media remove" can not count the file size. * Fixed the problem pointed out by codeclimate. commit a3ef0761602481515207c0cf93cae0119dff4b25 Author: ThibG <thib@sitedethib.com> Date: Tue Nov 13 14:58:14 2018 +0100 Fix race condition causing shallow status with only a "favourited" attribute (#9272) Fixes #9231 commit cd8575aef671dd44b4384b79b568f367add43537 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Mon Nov 12 22:07:31 2018 +0100 Fix null error introduced in #9270 (#9275) commit 4ce6ed20211b83d36746f61d4fb7dd001339baa1 Author: ThibG <thib@sitedethib.com> Date: Mon Nov 12 18:17:50 2018 +0100 Perform deep comparison for card data when receiving new props (#9270) Fixes #9226 commit 886ef1cc384f758944407ac0255afe7d71afc513 Author: ThibG <thib@sitedethib.com> Date: Sat Nov 10 23:59:51 2018 +0100 Fix emoji update date processing (#9255) commit d06a724b1c097b4e8b7f1fa2591b0753c349a5ad Author: ThibG <thib@sitedethib.com> Date: Sat Nov 10 20:42:04 2018 +0100 Check that twitter:player is valid before using it (#9254) Fixes #9251 commit f73b7e77dacd94c1d0c7c4bc0c0227eb3159ad19 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Fri Nov 9 09:08:01 2018 +0100 Improve ActiveRecord connection in on_worker_boot (#9238) This is how it looks in the example in the Puma README commit 63f168c3bf26f8c336d966b3619307801cab7cab Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Nov 8 21:55:59 2018 +0100 Fix nil error regression from #9229 in tootctl media remove (#9239) Fix #9237 commit 0f436de035d848ce481a1d21a774031eef41f10d Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Nov 8 21:08:57 2018 +0100 Add "Show thread" link to self-replies (#9228) Fix #4716 commit 21fd335dd7722d512962e5f49812b3e9a0cd426f Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Nov 8 21:06:26 2018 +0100 Display amount of freed disk space in tootctl media remove (#9229) * Display amount of freed disk space in tootctl media remove Fix #9213 * Fix code style issue commit 4b2f2548061cbbe37a98951c01438e327c915c92 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Nov 8 21:06:14 2018 +0100 Fix form validation flash message color and input borders (#9235) * Fix form validation flash message color and input borders * Fix typo commit b3c29ece478d2e34525b4edb9b4eaed4904b1cb5 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Nov 8 21:06:01 2018 +0100 Fix follow limit validator reporting lower number past threshold (#9230) * Fix follow limit validator reporting lower number past threshold * Avoid floating point follow limit commit 330401bec0146be9762358c774efe9a58954d8c4 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Nov 8 21:05:42 2018 +0100 Optimize the process of following someone (#9220) * Eliminate extra accounts select query from FollowService * Optimistically update follow state in web UI and hide loading bar Fix #6205 * Asynchronize NotifyService in FollowService And fix failing test * Skip Webfinger resolve routine when called from FollowService if possible If an account is ActivityPub, then webfinger re-resolving is not necessary when called from FollowService. Improve options of ResolveAccountService commit 5ee4fd46063a2c36d92805ede4b8860065e56dc2 Author: Eugen Rochko <eugen@zeonfederated.com> Date: Thu Nov 8 07:42:17 2018 +0100 Increase default column width from 330px to 350px (#9227) commit 430499fbe12057b833897dada6407c55a0dab048 Author: m.b <mbajur@users.noreply.github.com> Date: Mon Nov 5 18:54:07 2018 +0100 Update resolve_url_service.rb (#9188) commit 449e6e451f6185c44ed3b2d60b56b46b55e52281 Author: Steven Tappert <admin@dark-it.net> Date: Mon Nov 5 18:51:43 2018 +0100 Check for empty "last_status" before sorting DM column (#9207) * Check for empty "last_status" before sorting * Small touchups for codeclimate commit b9f0f794db01515c5365ec96150752ba86f5b4f5 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Oct 23 08:42:13 2018 +0200 Change setting wording commit 3306fad8036a441ede18b112a7dea8d7751d3dc6 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Oct 23 08:38:13 2018 +0200 Fix wrong configuration fetched commit fde9668bae3649a92bed1d7cb2089b6eb0b611b1 Merge: d42a06fc74 f468bfb830 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Oct 23 08:32:55 2018 +0200 Merge tag 'v2.6.0rc1' into instance_only_statuses commit d42a06fc7404f64ada011554cfd7ea7574c769e9 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Mon Oct 1 19:32:47 2018 +0200 Add default federation option to settings commit 9d6e005849123baeecc37124a351c1cf75517343 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Mon Oct 1 19:14:36 2018 +0200 Fix issue with toggle in mobile commit 5497b5af611a8c5eed14461c3b6fbbd0ead224ec Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Tue Sep 4 18:27:34 2018 +0200 Add local only icon to status page commit 469294d2939669ec8acbfaa10a03993bdb178298 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Mon Sep 3 21:47:07 2018 +0200 Hide local statuses from user atom and from unlogged users commit 6bef1a8134333efabd9be677273f33e194bd327a Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sun Aug 26 12:42:32 2018 +0200 Add local_only to admin screens commit e1049a94aa4e1a8ed8ec02b25f5ce5bba4f4665f Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sun Aug 26 12:27:13 2018 +0200 Normalize translations ran yarn build:development && i18n-tasks normalize && yarn manage:translations && i18n-tasks remove-unused commit b4ae56e82fe8ca4a8e7b1dfd19f84c0af34b69ce Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Fri Aug 24 19:27:12 2018 +0200 Add local_only indicator to detailed status commit c963e1548d750dbb8ce0c46b1df268c43fcdec4d Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Fri Aug 24 18:56:11 2018 +0200 Add local_only indicator in the status action bar commit f37ca30ea166ee6a9c0e2fdec58ede0e10a7c6b5 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Sat Aug 25 13:27:58 2018 +0200 Add backend support for local_only on status create Based off ThibG implementation on glitch #502 commit 4969ea4f2cb5e48b66797bded55c4256601396f1 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Thu Aug 23 20:35:29 2018 +0200 Base frontend on privacy dropdown commit ffaa814bbe202de7e9f594698f6b1297fd950255 Author: Renato "Lond" Cerqueira <renato@lond.com.br> Date: Thu Aug 23 19:30:09 2018 +0200 Use backend from glitch-soc for instance-only toots
The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds.
Regression from #6813
Now, the total timeout is 1 second for DNS look-up, and 10 seconds for socket opening, wherein 2 IPs are tried one after the other within those 10 seconds. So if there is only one IP, we wait 10 seconds, if there's two IPs, we wait 5 seconds each.